Enumeration of .NET handlers (ASP.NET vulnerabilities)
https://stackoverflow.com/questions/11879084
-
25-06-2021 - |
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
Russian문제
Based on security audit, I am addressing audit findings and eventually I am stack with one item:
124242 : Microsoft .NET Handlers Enumeration
Risk 1 : Web Services
It is possible to obtain the list of handlers the remote ASP.NET web server supports.
Solution:
None
References:
http://support.microsoft.com/kb/815145
Credit:
Tenable : 2009-12-04
I am running ASP.NET 2.0 application on Windows 2008 R2 server and I don't have ISA Server installed.
I feel that I need to configure some rules in Windows Firewall or URLScan, but I don't understand which one exactly.
해결책
Using this page http://www.iis.net/ConfigReference/system.webServer/handlers we found that access policy can be changed.
So pick one you like and apply using command string:
%systemroot%\system32\inetsrv\Appcmd set config "instancename/files" /section:handlers /accessPolicy:NoRemoteRead /commit:apphost
Place your instance name instead of "instancename".
Hope this helps.
Good luck.
